Continuous Auditing Where we are, how to improve and where ... · hr-1 Annual approval of...
Transcript of Continuous Auditing Where we are, how to improve and where ... · hr-1 Annual approval of...
2
“At Deloitte we’re investing several hundred million dollars in data analytics and
artificial intelligence with some cutting-edge applications that we really believe
differentiate us and our audit approach.”
Translating Our Mission to Our Audits
› Delivering Quality to Stakeholders & a Great
Experience to Clients
› Engaging the Minds of Our People – Reducing Low-
Value Activities & Leveraging Data
› Managing Firm Risk & Results – The Value
Proposition
3
Considerations
4
People & Change
Management
Methodology
Technology & Data
Quality & Oversight
Other Practice Mgmts. Impact
Capacity to Invest
› Consider capacity for investment
• National firms (38) with revenues > $100M (excluding
international networks)
› Combined revenue – $15B
› Average – $400M; range: $100M to $2B
• International firms (4)
› Combined revenue – $52B
• Firms #43 to #300
› Fee range: $10M to $99M
5
Source: Inside Public Accounting 2017 IPA 100 firms
Building the Future Audit
› Established 2016
› Joint venture focused on audit
technologies
6
› BKD’s National Director of Assurance
Services – June 1, 2017
› Strategic Plan – Audit of the Future,
version 1.2 & evolving …
› A different client environment at the
middle-market
AICPA Dynamic Audit Solution
› BKD investment, $60M total by major firms
› Investment in methodology to advance standards
› Done in partnership with a technology partner
› Self-disruption to maintain relevance & serve the
public & the profession
7
Key Data Advances Require
› Ingestion & connection capabilities
› Standardized taxonomies or normalizing
› Access to data for machine learning
› Continued investment in system training (AI)
› Human insight
› MOST IMPORTANTLY
• Ability & interest commensurate to the cost
8
Commonly Deployed Tools
› Ledger Systems, Microsoft Office, CAATs
• Pros – familiarity, customization, baseline objectives
• Cons – functionality limits, customization, limited
visualization, limited automation, disaggregated data,
version control (& how cloud is changing)
• Specific Excel issues
› Data integrity & access/control
› Advancement – PowerPivot, PowerBI, etc.
10
Integrators & Low-Code Environments
› Duplication & inconsistency challenges – particularly
with “independent” data
• Integrators: Attunity, Informatica, Microsoft, MuleSoft,
SAP, SAS, snapLogic
› Development to obtain data vs. low-code
environments to create systems (build vs. buy)
• Providers: Nintext, Appian, Intapp, Agiloft, Amelio
• Web-based inquiry & portals
11
Robotic Process Automation (RPA)
› A true human threat in low-value activities
• Picture a typical AP department
• Audit application & current practical limits
• Advanced OCR plays a role
› “Robots” – a digital workforce, but not physical
machines
• Repetitive actions or rule-based decision making
12
Artificial Intelligence/Machine Learning
› Artificial intelligence – pattern recognition, language
processing, predictive analytics, etc.
› Flags conditions & identifies options but requires
human assistance to obtain the data & interpret final
results
13
Internal Audit Example of Control TestingWhere are we? What can we improve right now? Where
do we need to go?
14
Still Need to Start with Risk!!!
› Important to remember to stick to the plan, but be flexible
• Risk Assessment
• Audit Plans
› Risk Assessments
• External audit risk assessment
• Internal operational risk assessment
› Is there a difference?
› BE EFFICIENT!!!
15
Internal Control Testing - External
16
External Audit Key Internal Controls
HR-1Annual approval of compensation policy and approval of pay scale by Compensation Committee is documented within signed minutes and through related policy dates.
HR-2
HR associate enters new employee and other changes in payroll records based upon completed HR change form completed by department heads. HR Change forms are signed by department managers and reviewed by hiring manager. All new payroll employees must fall within the pre-approved salary range and if outside is approved by the Compensation Committee and documented as such.
HR-3HR Payroll Manager completes a payroll check back on semi-annual payroll reports to ensure they were reviewed before and after final payroll is processed. The check back is supported by sign-offs and retained for audit.
HR-4
Human Resource Information Specialist (HR IS) is alerted when access to Payroll Software is requested, either addition of EE, termination of EE or change in access duties. HR IS reviews and sends request to IT specialist through ticket system. Change is documented within the IT Change management system.
HR-5Quarterly, Director of HR reviews Payroll System access reports. Access reports are reviewed against prepopulated duties.
HR-6Payroll accruals (including payroll wages, taxes, 401k) are made by Finance team member and reviewed by a Finance Manager on a monthly basis (account reconciliation).
HR-7Payroll related financial accounts are reviewed against budget by Finance and reported to the Board of Directors.
Operational Audits - Internal
17
Operation Audit Procedures
HR-1
1) Ensure updated policy is within one year or reasonable timeframe
2) Ensure updated policy is stored within Policy share file
3) Ensure pay scale is stored in secured HR drive and approved within the minutes of the Compensation
Committee
HR-2
1) Agree new EE to W-4, background check and credit report
2) Agree salary, benefits and tax elections to completed forms or on-line portal
3) Ensure personnel file contains resume, completed application
4) Ensure completed fields in HR system agree to approved hiring sheet or fields are terminated with eliminated
EE
5) View all signed hiring / termination sheets
6) Test that payroll changes / new EE pay is within policy and if not is approved by the compensation
committee
HR-3
1) Review payroll reports and view HR Payroll Manager reviewed via electronic signature
2) Test payroll reports that were approved for clerical accuracy
3) Test that payroll reports were properly recorded to the general ledger
HR-4
1) From IT change management system select population of requested changes
2) Test sample for proper approval of changes by the HR IS to the IT specialist
3) Test duties of sampled EE's against standard duties sheet. Obtain explanations for anomalies
HR-5 1) Obtain quarterly review reports for proper documentation of review by Director of HR
HR-6
1) Agree accruals to supporting payroll reports
2) Ensure mathematical accuracy of accrual and reconciliation (including imprest accounts)
3) Review approval and review by Finance Manager of the payroll account activity
HR-71) Review financial analytical review against budget, including mathematical accuracy
2) Complete predictive analytic of the payroll accrual balances
What Can We Currently Improve?
› Complete integration of internal control testing and operation testing
› Encouraged for internal control testing to be quarterly if frequency matches
› Continuous updates to operation audits in conjunction with internal control testing requirements
› Provide value to stakeholders
• Can statistical information be added to bring value from a numerical / chart presentation
• Be real-time with risk (or as close as possible)
18
Today’s Reality
› More data available than ever before with less
understanding about limitations
› Changed expectations vs. limited investments
› Beware of or embrace “spin?”
› Beware of overestimating return & underestimating
investment, particularly time
› Evaluate change in incremental terms
› Human beings (adoption/support) are critical
20
Considerations – Implementing Tech
› A solution in response to or in search of a problem?
› Simple & elegant?
› Scalable & sustainable?
› User-focused & human-assisted
› Culturally consistent or creating cultural change?
› Practical & effective in cost/value assessment?
21
Human Implications
› Low-value activities in high-volume environments are
ripe for automation
• Positive for public accounting
• At risk: clerks & other “inputters”
› Data that can be ingested & normalized creates
significant analysis opportunities
› Barriers to conceptual AI potential are difficult—but
not impossible—to overcome
22
Audit Considerations
› Low-hanging fruit
• Cleaning up data (redundancy/efficiency/leverage)
› Change
• Watch audit standards closely for future implications
› Stay informed
• Threats to the service – particularly componentization
from tech
› Invest
• Best tools relevant to your client base & challenges
23
Private Company Considerations
› Work with IT
• Understand reporting capabilities/challenges
› Investigate visualization opportunities
› Identify low-value/high-volume activities
• Efficiency & quality opportunities
› Pay attention to the cloud & cybersecurity
› Manage audits with better data
24
bkd.com | @bkdllp
The information contained in these slides is presented by professionals for your information
only & is not to be considered as legal advice. Applying specific information to your situation
requires careful consideration of facts & circumstances. Consult your BKD advisor or legal
counsel before acting on any matters covered.